EhostAsia Business Email Solutions

14/03/2020

Avoid Coronavirus Scams

Hundreds of Coronavirus-themed domains are now being used to spread malware and steal information.

The latest news from the Health Sector Cybersecurity Coordination Center (HC3) reports that the cybercriminals were impersonating John’s Hopkins University, a world-renowned health institution, to infect website visitors with the AZORult trojan. This program exfiltrates sensitive data that can be sold on the dark web or used to commit cybercrimes.
The fake website appears to be a legitimate COVID-19 live tracking map for the virus.

In addition to users finding the website organically through web searches, the website was circulated via a variety of other tactics, including:

1. malicious links and attachments in emails
2. social engineering, and
3. online advertising.

Coronavirus-Themed Phishing Emails are also on the rise!

Carefully crafted phishing emails are sent to entice users to open attachments or to click on links that contain malware.
Cybercriminals impersonate a variety of organizations, including the U.S. Centers for Disease Control and Prevention (CDC), the World Health Organization (WHO), and a Japanese disability welfare service provider. Such emails contain Trojan-Downloaders disguised as a Microsoft Word document. This downloader is commonly used to install TrickBot, a banking trojan that steals sensitive information via man-in-the-middle (MitM) attacks or spreads other types of malware across networks.

Protect Your Organization from Fake Coronavirus Phishing Sites by:

1. Keeping employees informed.
2. Sharing official resources.
3. Verifying sources of information.
Before any sensitive information can be shared, wire transfers can be made, or any other actions can be taken, employees must first verify the request directly with the source.

- Carefully check the email header information (the “from” field), such as the email address and domain name, to verify that it matches the contact information for that individual.

- Never respond to the email sender directly.

- Get phone verification by calling via an official phone number (such as from your internal directory).

17/07/2018

The weakest link in any line of security is the user.

Yes, negligent employees are the root cause of most cyber security incidents.

Some companies still don’t realize that their employees are actually one of the biggest threats to their website and network safety. That’s not said in a malicious way about your employees, either. It’s just that people are prone to occasional bouts of carelessness.

A large percentage of attacks on small to medium-sized businesses came as a result of phishing or some other form of social engineering.

The best defense companies have against phishing attacks is to block malicious emails before they reach customers. Unfortunately, no matter what companies do, some phishing emails will always make it to the inbox. And those messages are extremely effective—97% of people around the globe cannot identify a sophisticated phishing email. That’s where customer education comes in.

Below are some tips on how to identify phishing emails.

1. Don’t trust the display name
A favorite phishing tactic among cybercriminals is to spoof the display name of an email. This fraudulent email, once delivered, appears legitimate because most user inboxes only present the display name. Don’t trust the display name. Check the email address in the header "From"— if looks suspicious, don’t open the email.

2. Look but don’t click
Hover your mouse over any links embedded in the body of the email. If the link address looks weird, don’t click on it. If you want to test the link, open a new window and type in website address directly rather than clicking on the link from unsolicited emails

3. Don’t give your email address and password
Legitimate banks and most other companies will never ask for personal credentials via email. Don’t give them up.

4. Beware of urgent or threatening language in the subject line
Invoking a sense of urgency or fear is a common phishing tactic. Beware of subject lines that claim your “account has been suspended” or your account had an “unauthorized login attempt.”

Beyond negligent employees, many of the IT professionals surveyed voiced concerns over their companies’ password policies – or lack therof. Never reuse your passwords and avoid using passwords that are easy to crack. Best solution is just use a secure passphrase generator like https://xkpasswd.net/s/

20/09/2017

Learn how you can create and edit Microsoft Word compatible documents with eHostAsia Premium. Visit https://www.ehostasia.com for more details.

19/09/2017

Upgrading your eHostAsia Email account equips your team with the tools they need, so they are empowered to work smarter from anywhere. Visit https://www.ehostasia.com for more details.

16/09/2017

We are happy to announce the arrival of eHostAsia Premium with Cloud Drive! eHostAsia Premium is your trusted business-class email bundled with powerful new features that allow you to keep your files safe and secure in the cloud.

21/08/2017

New logo. New website. Still the same reliability that businesses trust since 2009.
https://www.ehostasia.com

16/08/2017

Need an archiving service with unlimited storage for your existing email system?

If security and reliability are important to you, eHostAsia is your best choice. We continually upda